+2017-07-06 Maxim Ostapenko <m.ostapenko@samsung.com>
+
+ * asan.h (asan_sanitize_allocas_p): Declare.
+ * asan.c (asan_sanitize_allocas_p): New function.
+ (handle_builtin_stack_restore): Bail out if !asan_sanitize_allocas_p.
+ (handle_builtin_alloca): Likewise.
+ * cfgexpand.c (expand_used_vars): Do not add allocas unpoisoning stuff
+ if !asan_sanitize_allocas_p.
+ * params.def (asan-instrument-allocas): Add new option.
+ * params.h (ASAN_PROTECT_ALLOCAS): Define.
+ * opts.c (common_handle_option): Disable allocas sanitization for
+ KASan by default.
+
2017-07-06 Maxim Ostapenko <m.ostapenko@samsung.com>
* asan.c: Include gimple-fold.h.
return (sanitize_flags_p (SANITIZE_ADDRESS) && ASAN_STACK);
}
+bool
+asan_sanitize_allocas_p (void)
+{
+ return (asan_sanitize_stack_p () && ASAN_PROTECT_ALLOCAS);
+}
+
/* Checks whether section SEC should be sanitized. */
static bool
static void
handle_builtin_stack_restore (gcall *call, gimple_stmt_iterator *iter)
{
- if (!iter)
+ if (!iter || !asan_sanitize_allocas_p ())
return;
tree last_alloca = get_last_alloca_addr ();
static void
handle_builtin_alloca (gcall *call, gimple_stmt_iterator *iter)
{
- if (!iter)
+ if (!iter || !asan_sanitize_allocas_p ())
return;
gassign *g;
extern bool asan_sanitize_stack_p (void);
+extern bool asan_sanitize_allocas_p (void);
+
/* Return TRUE if builtin with given FCODE will be intercepted by
libasan. */
expand_stack_vars (NULL, &data);
}
- if ((flag_sanitize & SANITIZE_ADDRESS) && cfun->calls_alloca)
+ if (asan_sanitize_allocas_p () && cfun->calls_alloca)
var_end_seq = asan_emit_allocas_unpoison (virtual_stack_dynamic_rtx,
virtual_stack_vars_rtx,
var_end_seq);
opts_set->x_param_values);
maybe_set_param_value (PARAM_ASAN_STACK, 0, opts->x_param_values,
opts_set->x_param_values);
+ maybe_set_param_value (PARAM_ASAN_PROTECT_ALLOCAS, 0,
+ opts->x_param_values,
+ opts_set->x_param_values);
maybe_set_param_value (PARAM_ASAN_USE_AFTER_RETURN, 0,
opts->x_param_values,
opts_set->x_param_values);
"Enable asan stack protection.",
1, 0, 1)
+DEFPARAM (PARAM_ASAN_PROTECT_ALLOCAS,
+ "asan-instrument-allocas",
+ "Enable asan allocas/VLAs protection.",
+ 1, 0, 1)
+
DEFPARAM (PARAM_ASAN_GLOBALS,
"asan-globals",
"Enable asan globals protection.",
PARAM_VALUE (PARAM_ALLOW_PACKED_STORE_DATA_RACES)
#define ASAN_STACK \
PARAM_VALUE (PARAM_ASAN_STACK)
+#define ASAN_PROTECT_ALLOCAS \
+ PARAM_VALUE (PARAM_ASAN_PROTECT_ALLOCAS)
#define ASAN_GLOBALS \
PARAM_VALUE (PARAM_ASAN_GLOBALS)
#define ASAN_INSTRUMENT_READS \
+2017-07-06 Maxim Ostapenko <m.ostapenko@samsung.com>
+
+ * c-c++-common/asan/kasan-alloca-1.c: New test.
+ * c-c++-common/asan/kasan-alloca-2.c: Likewise.
+
2017-07-06 Maxim Ostapenko <m.ostapenko@samsung.com>
* c-c++-common/asan/alloca_big_alignment.c: New test.
--- /dev/null
+/* { dg-do compile } */
+/* { dg-options "-fno-sanitize=address -fsanitize=kernel-address -fdump-tree-sanopt" } */
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+void foo(int index, int len) {
+ char str[len];
+ str[index] = '1'; // BOOM
+}
+
+/* { dg-final { scan-tree-dump-not "__builtin___asan_alloca_poison" "sanopt" } } */
+/* { dg-final { scan-tree-dump-not "__builtin___asan_allocas_unpoison" "sanopt" } } */
--- /dev/null
+/* { dg-do compile } */
+/* { dg-options "-fno-sanitize=address -fsanitize=kernel-address --param asan-instrument-allocas=1 --param asan-stack=1 -fdump-tree-sanopt" } */
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+void foo(int index, int len) {
+ char str[len];
+ str[index] = '1'; // BOOM
+}
+
+/* { dg-final { scan-tree-dump-times "__builtin___asan_alloca_poison" 1 "sanopt" } } */
+/* { dg-final { scan-tree-dump-times "__builtin___asan_allocas_unpoison" 1 "sanopt" } } */
projects / gcc.git / commitdiff